Author Topic: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch  (Read 33536 times)

0 Members and 1 Guest are viewing this topic.

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
For years, the TI-Nspire community has been working for the openness of the TI-Nspire, in order for its users to operate their calculators to their fullest potential.

And so was born Ndless, a framework for running assembly programs taking full control of the hardware in particular of the processor.
Some examples of Ndless compatible programs:

  • the nDoom 3D FPS game, a port of the Doom/Doom2 and compatible computer games
  • the Nintendo NES emulator
  • the Nintendo Game Boy Color emulator
  • the Nintendo Game Boy Advance emulator
  • the mViewer image reader

Ndless has existed in several versions, each one specific to a single or a small set of TI-Nspire systems:

Ndless versionTI-Nspire system version
1.0/1.11.1
1.1 prototype1.1 (non-CAS prototypes)
1.2 prototype1.2 (CAS prototypes)
1.31.3
1.41.4
1.71.7
2.01.7, 2.0.1, 2.1.0
3.13.1

The lack of an Ndless cross version is due to the fact that Ndless is not an officially supported program, and Texas Instruments has actively fought it since system 2.1.
Indeed, Ndless installation exploits some flaws in the TI-Nspire system. But any vulnerability exploited then quickly fixed or blocked by Texas Instruments in the next version of the system, forcing Ndless to always use new vulnerabilities.

Do you think you just don't have to update?
Except that Texas Instruments forces the update through various automated popups.
And eventually, all new TI-Nspire will come preloaded with the latest system - it is therefore not a solution for new users.


You'll tell me you just have to reinstall an earlier version of the system?
This was indeed possible until July 2010. At that date, the last 2.1 system has activated a protection which was there but disabled since the beginning, something we called the "system anti-downgrade protection".
System 2.1 and all subsequent systems are updating a minimal installable version number in a memory area not accessible to users and non clearable by any official menu.
Any previous version of the system is then rejected.





As a solution to those problems, the community did release another little tool, Nlaunch.
The TI-Nspire starts by running three pieces of software:

  • Boot Code 1
  • Boot Code 2
  • operating system
So in order to get to the operating system, there are two safety barriers to be overcome.

Where Ndless did only exploit flaws od the system, Nlaunch goes further as directly addressing the Boot Code 2 and overcoming one of both security barriers.
But as Ndless, Nlaunch is also specific to certain versions of the Boot2:

Nlaunch versionTI-Nspire Boot2 version
Nlaunch1.4
Nlaunch CX3.1 (TI-Nspire CX)

Nlaunch is able to install and run operating systems completely ignoring the minimum version of the system, and even to make a recent system to coexist with an old Ndless compatible system.

Like with operating systems, Texas Instruments quickly responded by including a TI-Nspire CX Boot2 update in its latest 3.2.4 operating system.




The TI-Nspire community wasn't worried about that:

  • current TI-Nspire users should simply be careful not to update their Boot2 when updating their system, thanks to the small TNOC tool
  • in case of omission of this manipulation, it was still possible to reprogram the older Boot2 version using an inexpensive TTL/USB interface (RS232)
  • and owners of new TI-Nspire CX could also apply this last solution




This was without counting on the wickedness of the Texas Instruments development team...

We could confirm that when updating a current TI-Nspire CX to the new 3.2.4 Boot2, it was still possible to reinstall the old Nlaunch compatible 3.1 Boot2.

But we hadn't tested this on new TI-Nspire CX coming preloaded with versions 3.2.4 of the system and the Boot2 ...
And although Boot2 3.1 is flashed successfuly through RS232 on these units, it is simply unable to run properly!  >:(

The boot2 fails on a non-recoverable error (System Error) and the RS232 console tells us a little more with the "BOOT2 Error: posix_file_init() error".

It's an error that has to do with the file system. But it's obviously still intact, as when flashing back the original 3.2.4 Boot2 the TI-Nspire CX boots successfuly.

So, Texas Instruments did probably change something on the new TI-Nspire CX, something that is managed properly by the new 3.2.4 Boot2 but not the old 3.1 Boot2.
Up to date, we do not know exactly what it is

So basically, Texas Instruments just invented us a new antidowngrade protection, "Boot2 antidowngrade protection". But managing to make its own older version of the code crash instead of giving you a clear and related error message is not very clean from my point of view - it just looks like a dirty hack - we were used to much cleaner protections so far...




In conclusion, the new TI-Nspire CX sold from now on are completely closed, with no known way to install Ndless or Nlaunch up to date.  >:(

If you want to use Ndless or Nlaunch, we'd advise you to give up on purchasing a brand new TI-Nspire CX and to look for it on the second-hand market.

In fact on the back of the TI-Nspire CX, on the right of the serial number, is what is called the datestamp, a 7-character code.

The new TI-Nspire CX crashing Boot2 3.1 which have been reported to us up to date have the datestamp 'P-0313J'.
This means that they were manufactured in the TI factory code P (China) in March 2013, and that they include the hardware revision J (11th version) of the motherboard.

On the second hand market you'll be able to ask the seller the datestamp of the calculator, and to buy only TI-Nspire CX whose datestamp ends with a letter from A to I.




This is a sad day for the community. For the third time, Ndless and all its compatible programs have been beaten to death, and even stronger than the previous times. Will they be able to survive this time? ... :'(




Source:
http://tiplanet.org/forum/viewtopic.php?p=147130&lang=en
« Last Edit: August 26, 2013, 07:58:19 pm by critor »
TI-Planet co-admin.

Offline TIfanx1999

  • ಠ_ಠ ( ͡° ͜ʖ ͡°)
  • CoT Emeritus
  • LV13 Extreme Addict (Next: 9001)
  • *
  • Posts: 6173
  • Rating: +191/-9
    • View Profile
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #1 on: August 26, 2013, 12:56:04 pm »
It seems TI is becoming ever more tenacious in blocking third party software. I can't say I'm surprised. :/ This stinks for new users though. :(
« Last Edit: August 26, 2013, 12:56:29 pm by Art_of_camelot »

Offline aeTIos

  • Nonbinary computing specialist
  • LV12 Extreme Poster (Next: 5000)
  • ************
  • Posts: 3915
  • Rating: +184/-32
    • View Profile
    • wank.party
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #2 on: August 26, 2013, 01:03:54 pm »
Not sure wheter to downvote these posts for bringing bad news...
j/k; this really sucks. Glad I have ndless on my nspire ;3
I'm not a nerd but I pretend:

Offline AlexisVieira

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 100
  • Rating: +1/-1
    • View Profile
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #3 on: August 26, 2013, 01:40:22 pm »
Not sure wheter to downvote these posts for bringing bad news...

I was thinking the same...
I'm Portuguese, sorry bad English

Offline Lionel Debroux

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2135
  • Rating: +290/-45
    • View Profile
    • TI-Chess Team
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #4 on: August 26, 2013, 01:43:50 pm »
It would not be a good idea to downvote critor, who went out of his way and spent hours of his free time discussing with people, gathering information, testing on his calculator, writing about the bad news (in both French and English), etc.
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TILP and TIEmu.
Co-admin of TI-Planet.

Offline Sorunome

  • Fox Fox Fox Fox Fox Fox Fox!
  • Support Staff
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 7920
  • Rating: +374/-13
  • Derpy Hooves
    • View Profile
    • My website! (You might lose the game)
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #5 on: August 26, 2013, 01:57:04 pm »
well, that sucks.
Why do they have to try to block out everything :(
The few people who actually google on how to put a cas os on a non-cas system probably won't make a big difference on their income.....

THE GAME
Also, check out my website
If OmnomIRC is screwed up, blame me!
Click here to give me an internet!

Offline AlexisVieira

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 100
  • Rating: +1/-1
    • View Profile
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #6 on: August 26, 2013, 02:07:45 pm »
It would not be a good idea to downvote critor, who went out of his way and spent hours of his free time discussing with people, gathering information, testing on his calculator, writing about the bad news (in both French and English), etc.

yes i was decided to upvote thinking on all the work... it's bad new but very well composed... as always
I'm Portuguese, sorry bad English

Offline Vogtinator

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1193
  • Rating: +108/-5
  • Instruction counter
    • View Profile
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #7 on: August 26, 2013, 02:09:47 pm »
The "posix_file_init()" seems to be nothing new.
Is there any way to dump the filesystem image?

Edit: RS232 Bootlog of the newest Boot2?
« Last Edit: August 26, 2013, 02:11:23 pm by Vogtinator »

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #8 on: August 26, 2013, 02:33:44 pm »
The "posix_file_init()" seems to be nothing new.
Yes, but on the difference, the error here happens with official code.
There are many ways to trigger that error, as it is a filesystem initialisation error.

Is there any way to dump the filesystem image?
If we had native code, yes... It might come from the Manuf too, as it does include some filesystem informations. I successfully managed to trigger it that way.

Edit: RS232 Bootlog of the newest Boot2?

The RS232 Bootlog in the news if of course a 3.1 Boot2 running on a TI-Nspire CX hardware revision J.
« Last Edit: August 26, 2013, 02:37:01 pm by critor »
TI-Planet co-admin.

Offline Vogtinator

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1193
  • Rating: +108/-5
  • Instruction counter
    • View Profile
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #9 on: August 26, 2013, 02:41:36 pm »
Quote
The RS232 Bootlog in the news if of course a 3.1 Boot2 running on a TI-Nspire CX hardware revision J.
No, I mean the bootlog of the newest Boot2, which is 3.2 currently. Has anything changed?

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #10 on: August 26, 2013, 02:45:03 pm »
Nothing seem to have changed. It's the same Datalight FlashFX version which is reported in the bootlog.
TI-Planet co-admin.

Offline Vogtinator

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1193
  • Rating: +108/-5
  • Instruction counter
    • View Profile
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #11 on: August 26, 2013, 02:50:20 pm »
What is more possible: Change in the hardware (ASIC, Flash, something else) or change in software (Boot1?)
I think TI prevented installation of older boot2 versions accidentially, this doesn't look like a serious attempt ;-)
Does an "old" calculator show the same symptoms after formatting the entire NAND, overwriting manuf with a newer one and installing 3.2 Boot2 + OS from scratch?

Offline Lionel Debroux

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2135
  • Rating: +290/-45
    • View Profile
    • TI-Chess Team
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #12 on: August 26, 2013, 02:51:26 pm »
Quote
Does an "old" calculator show the same symptoms after formatting the entire NAND, overwriting manuf with a newer one and installing 3.2 Boot2 + OS from scratch?
Maybe, but we don't have a copy of the newer manuf, and can't obtain one without arbitrary native code execution ;)
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TILP and TIEmu.
Co-admin of TI-Planet.

Offline Vogtinator

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1193
  • Rating: +108/-5
  • Instruction counter
    • View Profile
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #13 on: August 26, 2013, 02:53:45 pm »
Oh, I forgot that :banghead:
Seems like I got too used to freedom  >:(

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: New TI-Nspire CX Boot2 antidowngrade protection blocks Ndless + Nlaunch
« Reply #14 on: August 26, 2013, 02:56:39 pm »
You're not alone having to think 'differently' from now on... ;)
TI-Planet co-admin.